Scan Report
15 /100
302ai-api-integration
Automatically search 302.AI's 1400+ APIs and generate integration code for AI models, image generation, video, audio, and text processing
This is a legitimate 302.AI API integration skill with no malicious behavior. All functionality is declared and aligned with documented behavior.
Safe to install
No action required. The skill is safe to use as documented.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Placeholder API Keys in Documentation Doc Mismatch | references/integration_examples.md:106 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | scripts/parse_api_list.py fetches from https://doc.302.ai/llms.txt - declared in… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares bash usage: 'python3 scripts/parse_api_list.py' - script is re… |
| Filesystem | READ | READ | ✓ Aligned | Script reads no files, only fetches remote content |
| Environment | NONE | NONE | — | No environment variable access detected |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation observed |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | NONE | NONE | — | No browser access detected |
| Database | NONE | NONE | — | No database access detected |
3 High 17 findings
High API Key 疑似硬编码凭证
API_KEY = "your_api_key_here" README.md:94 High API Key 疑似硬编码凭证
API_KEY = 'your_api_key_here' references/integration_examples.md:106 High API Key 疑似硬编码凭证
APIKey = "your_api_key_here" references/integration_examples.md:286 Medium External URL 外部 URL
https://img.shields.io/badge/License-Apache%202.0-blue.svg README.md:13 Medium External URL 外部 URL
https://opensource.org/licenses/Apache-2.0 README.md:13 Medium External URL 外部 URL
https://img.shields.io/badge/Claude-Code-blue.svg README.md:14 Medium External URL 外部 URL
https://claude.com/claude-code README.md:14 Medium External URL 外部 URL
https://img.shields.io/badge/APIs-1400%2B-green.svg README.md:15 Medium External URL 外部 URL
https://doc.302.ai/ README.md:15 Medium External URL 外部 URL
https://api.302.ai README.md:95 Medium External URL 外部 URL
https://doc.302.ai/147522039e0.md SKILL.md:152 Medium External URL 外部 URL
https://doc.302.ai/xxxxxxxxx.md SKILL.md:157 Medium External URL 外部 URL
https://doc.302.ai/llms.txt SKILL.md:407 Medium External URL 外部 URL
https://api.302.ai/v1/endpoint references/integration_examples.md:194 Medium External URL 外部 URL
https://api.302.ai/v1/stream-endpoint references/integration_examples.md:206 Medium External URL 外部 URL
https://doc.302.ai/147522039e0.md) scripts/parse_api_list.py:120 Info Email 邮箱地址
[email protected] README.md:252 File Tree
8 files · 52.6 KB · 1994 lines Markdown 6f · 1779L
Python 1f · 215L
├─
▾
references
│ ├─
api_categories.md
Markdown
│ ├─
integration_examples.md
Markdown
│ └─
parse_script_usage.md
Markdown
├─
▾
scripts
│ └─
parse_api_list.py
Python
├─
icon.svg
├─
README_CN.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
requests | unspecified | stdlib-equivalent | No | requests is used without explicit version pinning but is a widely-used standard library |
Security Positives
✓ No malicious code patterns detected (no base64, no obfuscation, no eval)
✓ All shell/network access is explicitly declared in SKILL.md
✓ Clean, readable Python code with proper error handling
✓ Script fetches from legitimate, declared 302.AI endpoints only
✓ No credential harvesting from environment variables or sensitive paths
✓ No data exfiltration or C2 communication patterns
✓ No persistence mechanisms or backdoors
✓ No supply chain risks - uses standard requests library with version flexibility